c# - How do I retrieve Register Context from AccessViolationException?


I have an x64 crash dump of a managed (C#) application that P/Invokes native code. The dump was taken after the native code attempted to dereference a bad memory location, and after the .NET marshaler had turned that into an AccessViolationException. As a result, the stack frame where the error occurred is no longer available, and the thread on which the exception occurred has been hijacked by the CLR exception handler:

0:017> kb
 # retaddr           : args to child                                                           : call site
00 000007fe`fd3b10dc : 00000000`0402958b 00000000`20000002 00000000`00000e54 00000000`00000e4c : ntdll!ntwaitforsingleobject+0xa
01 000007fe`ea9291eb : 00000000`00000000 00000000`00000cdc 00000000`00000000 00000000`00000cdc : kernelbase!waitforsingleobjectex+0x79
02 000007fe`ea929197 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : clr!clreventwaithelper2+0x38
03 000007fe`ea929120 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : clr!clreventwaithelper+0x1f
04 000007fe`ead8cae5 : 00000000`29cbc7c0 00000000`3213ce40 00000000`00000000 00000000`ffffffff : clr!clreventbase::waitex+0x70
05 000007fe`ead8c9d0 : 00000000`29cbc7c0 00000000`00000000 00000000`0002b228 00000000`0002b228 : clr!thread::waitsuspendeventshelper+0xf5
06 000007fe`eacf2145 : 00000000`007ea060 000007fe`ea924676 00000000`00000000 000007fe`fd3b18da : clr!thread::waitsuspendevents+0x11
07 000007fe`eaccc00c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : clr!thread::rareenablepreemptivegc+0x33a905
08 000007fe`eae2c762 : 00000000`00000000 00000000`007cbce0 00000000`29cbc7c0 00000000`00000001 : clr!thread::raredisablepreemptivegc+0x31b40c
09 000007fe`eaf662d4 : 00000000`00000000 00000000`007cbce0 00000000`29cbc7c0 00000000`00000000 : clr!eedbginterfaceimpl::disablepreemptivegc+0x22
0a 000007fe`eaf66103 : 00000000`29cb0100 00000000`00000000 00000000`3213cf80 00000000`29cbca20 : clr!debugger::sendexceptionhelperandblock+0x174
0b 000007fe`eaf65d0d : ffffffff`ffffffff 00000000`29cbca20 00000000`29cbc700 000007fe`eaf62100 : clr!debugger::sendexceptioneventsworker+0x343
0c 000007fe`eaf61bd8 : 00000000`00000100 00000000`00000000 00000000`00000019 00000000`3213dd01 : clr!debugger::sendexception+0x15d
0d 000007fe`eadac75d : 00000000`007cbce0 00000000`3213d258 00000000`3213d1e8 00000000`00000001 : clr!debugger::lastchancemanagedexception+0x1f8
0e 000007fe`eaf698c7 : 000075ce`2b30e018 00000000`00000000 00000000`00000001 00000000`00000000 : clr!notifydebuggerlastchance+0x6d
0f 000007fe`eaf6af20 : 00000000`00000000 000007fe`8cf40020 000007fe`8cfa200c 4328fffe`43e0fffe : clr!debugger::unhandledhijackworker+0x1a7
10 000007fe`eaaacbf0 : 00000000`0000000a 00000000`2ab23e30 00000000`00000001 00000000`00000000 : clr!exceptionhijackworker+0xc0
11 00000000`3213d8c0 : 00000000`3213ddb0 00000000`00000001 00000000`00000000 00000000`0000000b : clr!exceptionhijack+0x30
12 00000000`3213ddb0 : 00000000`00000001 00000000`00000000 00000000`0000000b 00000000`0035578c : 0x3213d8c0
13 00000000`00000001 : 00000000`00000000 00000000`0000000b 00000000`0035578c ffffffff`00000002 : 0x3213ddb0
14 00000000`00000000 : 00000000`0000000b 00000000`0035578c ffffffff`00000002 00000000`00350268 : 0x1

And .exr -1 (display the most recent exception) returns:

0:017> .exr -1
exceptionaddress: 00000000771d685a (user32!zwusermessagecall+0x000000000000000a)
   exceptioncode: 80000004 (single step exception)
  exceptionflags: 00000000
numberparameters: 0

The call to user32!zwusermessagecall is at the top of the stack of thread 0, not thread 17 where the native exception occurred, so I can assume it's not pointing at my exception.

I can dump the access violation exception info for the native error:

0:017> !dumpobj /d 0000000012175640
name:        system.accessviolationexception
methodtable: 000007fee9a61fe8
eeclass:     000007fee9528300
size:        176(0xb0) bytes
file:        c:\windows\microsoft.net\assembly\gac_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
fields:
              mt    field   offset                 type vt     attr            value name
000007fee9a50e08  4000002        8        system.string  0 instance 000000001217b538 _classname
000007fee9a5b218  4000003       10 ...ection.methodbase  0 instance 0000000000000000 _exceptionmethod
000007fee9a50e08  4000004       18        system.string  0 instance 0000000000000000 _exceptionmethodstring
000007fee9a50e08  4000005       20        system.string  0 instance 0000000012179818 _message
000007fee9a61f18  4000006       28 ...tions.idictionary  0 instance 0000000000000000 _data
000007fee9a51038  4000007       30     system.exception  0 instance 0000000000000000 _innerexception
000007fee9a50e08  4000008       38        system.string  0 instance 0000000000000000 _helpurl
000007fee9a513e8  4000009       40        system.object  0 instance 0000000012179ad0 _stacktrace
000007fee9a513e8  400000a       48        system.object  0 instance 0000000012179c68 _watsonbuckets
000007fee9a50e08  400000b       50        system.string  0 instance 0000000000000000 _stacktracestring
000007fee9a50e08  400000c       58        system.string  0 instance 0000000000000000 _remotestacktracestring
000007fee9a53980  400000d       88         system.int32  1 instance                0 _remotestackindex
000007fee9a513e8  400000e       60        system.object  0 instance 0000000000000000 _dynamicmethods
000007fee9a53980  400000f       8c         system.int32  1 instance      -2147467261 _hresult
000007fee9a50e08  4000010       68        system.string  0 instance 0000000000000000 _source
000007fee9a54a00  4000011       78        system.intptr  1 instance                0 _xptrs
000007fee9a53980  4000012       90         system.int32  1 instance       -532462766 _xcode
000007fee9a02d50  4000013       80       system.uintptr  1 instance                0 _ipforwatsonbuckets
000007fee9a3d210  4000014       70 ...ializationmanager  0 instance 0000000012179900 _safeserializationmanager
000007fee9a513e8  4000001        0        system.object  0   shared           static s_edilock
                                 >> domain:value  00000000007e09b0:notinit  <<
000007fee9a54a00  400018a       98        system.intptr  1 instance      7fedad179f4 _ip
000007fee9a54a00  400018b       a0        system.intptr  1 instance fffffffc2ab22078 _target
000007fee9a53980  400018c       94         system.int32  1 instance                0 _accesstype

From this I can see the address of the instruction that failed (7fedad179f4) and the address the code tried to dereference (fffffffc2ab22078). This appears to be a sign extension or overflow bug somehow, but it's not obvious in the code how that might have happened. The instruction referenced is:

0:017> u 7fedad179f4
mydll!_interpolate+0x174 [c:\my\source\file.c @ 85]:
000007fe`dad179f4 f3450f59548404  mulss   xmm10,dword ptr [r12+rax*4+4]

To debug further, I need the register context from when the native code crashed, to see what was in r12 and rax. Is it possible to retrieve it?


Edit: I tried to get information from the parameters to exceptionhijackworker, but the values don't make sense to me. The function signature according to @s.t.'s link is

void stdcall exceptionhijackworker(t_context * pcontext,
                                   exception_record * precord,
                                   ehijackreason::ehijackreason reason,
                                   void * pdata);

So the first parameter of 0000000a doesn't make sense as a pointer, and dumping the second parameter 000000002ab23e30 yields nonsensical data for an exception_record:

0:017> dd 000000002ab23e30
00000000`2ab23e30  00000019 00000019 2ab23e40 00000000
00000000`2ab23e40  42b8f800 42b8de00 42b89b00 42b85000
00000000`2ab23e50  42b81b00 42b7a000 42b72600 42b6fa00
00000000`2ab23e60  42b6a000 42b67a00 42b63600 42b59c00
00000000`2ab23e70  42b4fc00 42b4da00 42b49e00 42b46a00
00000000`2ab23e80  42b38e00 42b31c00 42b2d600 42b29000
00000000`2ab23e90  42b2ec00 42b2fa00 42b2a000 42b27a00
00000000`2ab23ea0  42b23e00 42b6e800 42b6ab00 42b66c80

0x19 and 0x19 for exceptioncode and exceptionflags don't make sense; there is no such code value, and the flags are documented as being either 0 or exception_noncontinuable, which is defined as 1.

Am I misinterpreting something here?

Following the advice of @s.t., I started probing around the call stack to see if I could find the exception record or context record. I started around the strangeness at the bottom of the stack, namely:

0:017> k
 # child-sp          retaddr           call site
...
0f 00000000`3213d210 000007fe`eaf6af20 clr!debugger::unhandledhijackworker+0x1a7
10 00000000`3213d850 000007fe`eaaacbf0 clr!exceptionhijackworker+0xc0
11 00000000`3213d880 00000000`3213d8c0 clr!exceptionhijack+0x30
12 00000000`3213d8a8 00000000`3213ddb0 0x3213d8c0
13 00000000`3213d8b0 00000000`00000001 0x3213ddb0
14 00000000`3213d8b8 00000000`00000000 0x1

I happened to find the exception record:

0:017> .exr 00000000`3213ddb0
exceptionaddress: 000007fedad179f4 (smtcv!_interpolate+0x0000000000000174)
   exceptioncode: c0000005 (access violation)
  exceptionflags: 00000000
numberparameters: 2
   parameter[0]: 0000000000000000
   parameter[1]: fffffffc2ab22078
attempt to read from address fffffffc2ab22078

And I happened to find the context record (what I was looking for):

0:017> .cxr 00000000`3213d8c0
rax=0000000000000019 rbx=000000000000000a rcx=00000000709c7c88
rdx=0000000000000002 rsi=000000002ab23e30 rdi=0000000080000000
rip=000007fedad179f4 rsp=000000003213dff0 rbp=0000000000000019
 r8=000007ffffe22000  r9=0000000070910000 r10=0000000000000000
r11=000000003213e0a0 r12=fffffffc2ab22010 r13=000000002b50ae40
r14=000000002ab241ec r15=0000000000000003
iopl=0         nv ei pl nz na pe nc
cs=0033  ss=002b  ds=0000  es=0000  fs=0000  gs=0000             efl=00010200
mydll!_interpolate+0x174:
000007fe`dad179f4 f3450f59548404  mulss   xmm10,dword ptr [r12+rax*4+4] ds:fffffffc`2ab22078=????????

I can see the bad pointer in r12 now!

I don't understand what these stack frames are, or why the exception and context records have return addresses pointing to them. Comments on this would be great, for me and for future readers.
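A cross-check a practitioner would want once a candidate exception record and context record have been located the way the question describes: confirm that the two really belong together before trusting either. The script below is an added example, not part of the question or of any WinDbg tooling. It takes the .exr and .cxr text from the question (pasted in as constructed sample input), parses the fault parameters and the general-purpose registers, decodes the faulting memory operand [r12+rax*4+4] from the disassembly line, and recomputes the effective address with 64-bit wraparound. If that address equals parameter[1] of the exception record and rip equals the exception address, the context record found on the stack is the one for the access violation rather than an unrelated or stale CONTEXT. The operand parser only handles the [base+index*scale+disp] shape that appears on the page, and the read/write/execute decoding of parameter[0] follows the documented EXCEPTION_ACCESS_VIOLATION meaning of ExceptionInformation[0] (0 read, 1 write, 8 DEP).

```python
import re

# Constructed sample input: the .exr and .cxr output quoted in the question.
EXR_OUTPUT = """\
exceptionaddress: 000007fedad179f4 (smtcv!_interpolate+0x0000000000000174)
   exceptioncode: c0000005 (access violation)
  exceptionflags: 00000000
numberparameters: 2
   parameter[0]: 0000000000000000
   parameter[1]: fffffffc2ab22078
"""

CXR_OUTPUT = """\
rax=0000000000000019 rbx=000000000000000a rcx=00000000709c7c88
rdx=0000000000000002 rsi=000000002ab23e30 rdi=0000000080000000
rip=000007fedad179f4 rsp=000000003213dff0 rbp=0000000000000019
 r8=000007ffffe22000  r9=0000000070910000 r10=0000000000000000
r11=000000003213e0a0 r12=fffffffc2ab22010 r13=000000002b50ae40
r14=000000002ab241ec r15=0000000000000003
"""

# The memory operand of the faulting instruction, from the disassembly line.
FAULTING_OPERAND = "[r12+rax*4+4]"

MASK64 = (1 << 64) - 1
STATUS_ACCESS_VIOLATION = 0xC0000005

# ExceptionInformation[0] for EXCEPTION_ACCESS_VIOLATION (documented values).
ACCESS_KINDS = {0: "read", 1: "write", 8: "execute (DEP)"}


def parse_exr(text):
    """Parse the 'name: hexvalue' fields of a .exr dump into a dict of ints."""
    rec = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+(?:\[\d+\])?):\s*([0-9a-fA-F]+)", line)
        if m:
            rec[m.group(1).lower()] = int(m.group(2), 16)
    return rec


def parse_cxr(text):
    """Parse every 'reg=16-hex-digits' pair of a .cxr register dump."""
    return {name.lower(): int(val, 16)
            for name, val in re.findall(r"\b(r\w+)=([0-9a-fA-F]{16})\b", text)}


# Only the [base+index*scale+disp] shape is supported; WinDbg prints the
# displacement in hex without a 0x prefix, so it is parsed as base 16.
OPERAND_RE = re.compile(r"\[(\w+)(?:\+(\w+)\*(\d+))?(?:\+([0-9a-fA-F]+))?\]")


def parse_mem_operand(operand):
    """Return (base, index, scale, disp) for a memory operand string."""
    m = OPERAND_RE.fullmatch(operand.strip())
    if m is None:
        raise ValueError("unsupported operand form: %r" % operand)
    base, index, scale, disp = m.groups()
    return base, index, int(scale) if scale else 0, int(disp, 16) if disp else 0


def effective_address(regs, operand):
    """Recompute base + index*scale + disp exactly as the CPU does (mod 2**64)."""
    base, index, scale, disp = parse_mem_operand(operand)
    ea = regs[base] + disp
    if index:
        ea += regs[index] * scale
    return ea & MASK64


def access_kind(exr):
    """Decode parameter[0] of an access-violation record into read/write/execute."""
    if exr.get("exceptioncode") != STATUS_ACCESS_VIOLATION:
        return "not an access violation"
    return ACCESS_KINDS.get(exr.get("parameter[0]"), "unknown")


def fault_matches_context(exr, regs, operand):
    """True when the context record's rip and recomputed operand address agree
    with the exception record; i.e. the two records describe the same fault."""
    return (regs["rip"] == exr["exceptionaddress"]
            and effective_address(regs, operand) == exr["parameter[1]"])


if __name__ == "__main__":
    exr = parse_exr(EXR_OUTPUT)
    regs = parse_cxr(CXR_OUTPUT)
    ea = effective_address(regs, FAULTING_OPERAND)
    print("fault kind     :", access_kind(exr))
    print("operand address: %016x" % ea)
    print("parameter[1]   : %016x" % exr["parameter[1]"])
    print("records agree  :", fault_matches_context(exr, regs, FAULTING_OPERAND))
```

With the values from the question, r12 + rax*4 + 4 = fffffffc2ab22010 + 0x64 + 4 = fffffffc2ab22078, which is exactly parameter[1], and rip equals the exception address, so the CONTEXT at 3213d8c0 and the EXCEPTION_RECORD at 3213ddb0 are consistent with each other. Running the same check against the record dd'd from the exceptionhijackworker parameters would fail immediately, since its exceptioncode field is 0x19 rather than c0000005.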

